Exchange 2003 LDAP errors (2061, 2389, 6015)

Question

Every now and again we have incoming messages being sent to bad mail on our Exchange front end mail servers (Exchange 2003 SP2 running on Windows 2003 SP2) that are destined for mailboxes within the company. I have checked the domain controllers (Windows 2003 SP2) and these appear to be OK and are not rebooted when the issues occur.

I have increased the Exchange logging on the Exchange front end servers and see errors similar to those below:

I have installed the PerfWiz counters, so I will give this a go. The only problem is that it happens randomly, so I may not be able to get the data when the problem happens.

Our network is GB and the servers are in the same site. The Exchange servers and domain controllers are in different VLANs.

We have 4 DCs in total, 2 are GCs. We have over 7000 accounts.

The DC that seems to always be mentioned in the logs is not a GC but is the PDC for our domain. This server does not hold any other roles. I have noticed today that the DC (well, in fact all the DCs) hard drives are very fragmented, so I might have a go at defragging at least the drive on the PDC.

Could the actual AD database need to be defragged? Is there any way of me knowing if I need to do it?

>Our network is GB and the servers are in the same site. The Exchange servers and domain controllers are in different VLANs.
>
>We have 4 DCs in total, 2 are GCs. We have over 7000 accounts.

That's not a lot of accounts. :-)

>The DC that seems to always be mentioned in the logs is not a GC but is the PDC for our domain.

Ouchie! Didn't the ExBPA recommend that you configure your Exchange server(s) to avoid using the server with the PDC FSMO role?

See http://support.microsoft.com/?kbid=298879

In your case, set MinUserDC to 3.

I'd start a PerfWiz on the PDC FSMO role holder, too. Chances are pretty good that it's got something not-so-good going on.

>This server does not hold any other roles. I have noticed today that the DC (well, in fact all the DCs) hard drives are very fragmented, so I might have a go at defragging at least the drive on the PDC.
>
>Could the actual AD database need to be defragged? Is there any way of me knowing if I need to do it?

Thanks for the info. I applied the reghack to prevent Exchange using the PDC emulator, and since doing this on 15/05/2012 I have had no more 3009 NDR errors. It's looking good and I'm crossing my fingers that this is the fix.

I have checked the Exchange Best Practice reports I did and there is no mention of this issue.

I had only applied the reghack originally to the front end mail gateway servers, but I have today added it to the backend Exchange servers as well.

I will keep you updated, but I won't be able to check if I have had no further errors until after 6th June.